--- name: x402station.io description: x402station.io provides catalog intelligence and safety tooling for the x402 API payment ecosystem. It exposes three skills: tracking changes to the live catalog of x402 endpoints, maintaining a blacklist of oracle-flagged dangerous endpoints, and running pre-payment safety checks on individual endpoint URLs. host: x402station.io --- # x402station.io x402station.io is a monitoring and risk-management host for agents operating within the x402 pay-per-call ecosystem. It serves agents that need to discover new or removed endpoints on a polling schedule, maintain a local blacklist of known-bad URLs, and gate payments on a machine-readable safety verdict before signing. It does not execute payments, provide token pricing, or offer real-time streaming; its value is in structured catalog awareness and pre-payment risk gating. ## When to use this host Use x402station.io when an agent needs to discover changes to the x402 endpoint catalog on a polling schedule, maintain a local blacklist of oracle-flagged bad endpoints, or gate a payment on a pre-flight safety verdict for a specific URL. Do not use it for real-time or streaming catalog updates — the ingest cron runs every 5 minutes and more frequent calls return stale data. Do not use it as a continuous uptime or health monitor; preflight is a single-shot check, not a probe. Do not use it for token pricing, trade execution, or any payment signing — it provides risk intelligence only, not payment infrastructure. For full catalog state rather than diffs, a separate full-catalog endpoint outside this host would be needed. ## Capabilities ### Catalog Tracking Tracks the state of the x402 endpoint catalog over time, allowing agents to detect newly listed or removed endpoints since a known timestamp without re-fetching the full catalog. - **`fetch-catalog-diff`** — Returns a catalog diff of x402 endpoints added or removed since a given timestamp, including per-endpoint metadata such as URL, service name, provider, category, and price in USDC. ### Endpoint Blacklisting Provides a full oracle-flagged blacklist of known-bad x402 endpoints categorized by risk reason, enabling agents to pre-populate a local rejection list before any probing or payment activity. - **`fetch-decoy-catalog`** — Returns the full oracle-flagged blacklist of dangerous x402 endpoints (decoy_price_extreme, zombie, dead_7d, mostly_dead) with per-entry metadata and per-reason counts, priced at $0.005 USDC. ### Pre-Payment Safety Checks Validates individual x402 endpoint URLs against oracle data and returns a verdict, risk score, and warnings to gate payment signing on safety. - **`check-x402-preflight`** — Validates whether a target x402 endpoint is safe to pay by returning a machine-readable verdict with warnings, risk score, and endpoint metadata. ## Workflows ### Safe Catalog Onboarding *Use when an agent needs to initialize its knowledge of the x402 ecosystem safely — establishing a blacklist baseline and then identifying new endpoints worth evaluating.* 1. **`fetch-decoy-catalog`** — Populate a local blacklist of all oracle-flagged dangerous endpoints so newly discovered URLs can be filtered against it immediately. 2. **`fetch-catalog-diff`** — Fetch recently added endpoints since a known timestamp to identify candidates for use. 3. **`check-x402-preflight`** — Run a preflight safety check on each candidate endpoint not already in the blacklist before committing any payment. ### Scheduled Catalog Refresh with Safety Gate *Use when an agent needs to periodically discover new x402 endpoints on a polling schedule and validate each before paying.* 1. **`fetch-catalog-diff`** — Poll for endpoints added or removed since the last known timestamp, no more frequently than every 5 minutes. 2. **`check-x402-preflight`** — For each newly added endpoint, run a preflight check to obtain a safety verdict and risk score before signing any payment. ## Skill reference ### `fetch-catalog-diff` **What's New Feed — Catalog Diff** — Returns a catalog diff of x402 endpoints added or removed since a given timestamp, including per-endpoint metadata such as URL, service name, provider, category, and price in USDC. *Use when:* Use when an agent needs to detect newly listed or recently removed x402 API endpoints since a known point in time, without re-fetching the entire catalog. Suitable for polling on a schedule no more frequent than every 5 minutes. *Not for:* Do not use for real-time streaming of catalog changes; the ingest cron runs every 5 minutes so more frequent calls return identical data. Not suitable for fetching full catalog state — use a full catalog endpoint instead. **Inputs:** - `since` (string) — ISO 8601 timestamp marking the start of the diff window. Defaults to now minus 24 hours. Cannot be older than 30 days or set in the future. - `limit` (integer) — Per-list cap applied independently to added_endpoints and removed_endpoints. Range 1–500, default 200. If the cap is hit and more rows existed, the truncated flag is set to true. **Returns:** Returns since/until window metadata, window_hours, an added_endpoints array with per-endpoint url/service/price fields, a removed_endpoints array, and a truncated flag if the limit was reached. **Example:** `{"since": "2026-04-22T12:34:56Z", "limit": 200}` --- ### `fetch-decoy-catalog` **Decoy Catalog** — Returns the full oracle-flagged blacklist of dangerous x402 endpoints (decoy_price_extreme, zombie, dead_7d, mostly_dead) with per-entry metadata and per-reason counts, priced at $0.005 USDC. *Use when:* Use when an agent needs to populate or refresh a local blacklist of known-bad x402 endpoints before making preflight calls, or on startup to establish a baseline set of URLs to reject without further probing. *Not for:* Do not use for real-time per-URL risk checks on a single endpoint; use a preflight/oracle lookup for that. Not a substitute for live health probing — data reflects oracle state at generation time and may be truncated at 2000 entries. **Inputs:** - `body` (object) — No parameters required. POST with an empty JSON object {} or no body. **Returns:** Returns a snapshot with generated_at timestamp, counts.total (up to 2000), per-reason breakdown, truncated flag, and an entries array where each item includes url, service_id, reasons, probes_7d, healthy_7d, uptime_7d_pct, and last_probe_at. **Example:** `POST https://x402station.io/api/v1/catalog/decoys Content-Type: application/json {}` --- ### `check-x402-preflight` **x402 Preflight Check** — Validates whether a target x402 endpoint is safe to pay by returning a machine-readable verdict with warnings, risk score, and endpoint metadata. *Use when:* Use when an agent is about to sign a PAYMENT-SIGNATURE for any x402 endpoint URL — especially unfamiliar or third-party ones — and needs to gate the payment on a safety verdict before committing funds. *Not for:* Do not use as a real-time uptime monitor or streaming health check; this is a single-shot pre-payment safety check, not a continuous availability probe. **Inputs:** - `url` (string, required) — Full URI of the x402 endpoint the agent is about to pay. **Returns:** Returns ok (boolean), a warnings array with codes like unknown_endpoint or dead, a metadata object with endpoint details, a risk_score float, and an attribution provenance block. **Example:** `{"url": "https://api.venice.ai/api/v1/chat/completions"}` ---